Continuing her efforts to improve privacy in the mobile sphere, California Attorney General Kamala Harris released a report titled “Privacy on the Go: Recommendations for the Mobile Ecosystem,” a set of “privacy best practices” for app developers, platform providers, ad networks, and others in the mobile ecosystem.

“Our recommendations, which in many places offer greater protection than afforded by existing law, are intended to encourage all players in the mobile marketplace to consider privacy implications at the outset of the design process,” according to the report.

The report recommends that the design process include privacy protections from the first stages of development and that “accurate, conspicuous, and easy-to-understand privacy policies” are available to consumers prior to download. App developers should make default settings “privacy protective” (e.g., not permitting the automatic sharing of contact information by default) and should limit their collection of personally identifiable information, broadly defined to include geolocation data, call logs, address books, browsing history, and pictures.

The report also tracks the report by the Federal Trade Commission issued last year and recommends app developers use enhanced measures to draw user attention to potentially unexpected data practices, such as the collection of sensitive information, and provide users the ability to opt out. Ad networks should avoid delivering ads outside the context of the app (e.g., putting icons on the mobile desktop) and should share their privacy policies with app developers who can make them available to consumers before downloading an app.

In response, a coalition of ad groups – including the Direct Marketing Association, the Interactive Advertising Bureau, the American Advertising Federation, the Association of National Advertisers, and the American Association of Advertising Agencies – sent a letter to the AG, stating that the guidelines “extend far beyond existing legal requirements under California law.”

Further, the groups expressed their concern that these recommendations, if implemented, will chill innovation in the marketplace, cost jobs, harm California’s economy, and deprive consumers of the benefits of mobile applications, products, and services.

The groups also noted that Harris neglected to seek the input of the industry associations, that she never presented the recommendations for public review and comment, and that other efforts to regulate mobile privacy are already under way, including a multistakeholder process with the Department of Commerce, various congressional committees, and agencies such as the FTC and the Federal Communications Commission.

“Matters of mobile privacy are best addressed through codes of conduct developed through broad industry consensus that include mechanisms for responding to shifting technologies, practices, and consumer preferences,” the groups argued. “These recommendations, which openly conflict with developing consensus standards and are not grounded in any apparent legal authority, go well beyond existing requirements under California law, as well as Federal law, and will inevitably impact countless entities that are not subject to California’s Online Privacy Protection Act. As a result, these circumstances would create uncertainty in the marketplace, raise unnecessary costs for business, restrict innovation, slow economic growth, reduce benefits for consumers, and result in job losses in California and throughout the nation.”

Why it matters: The AG’s report is her latest effort to provide greater protections for consumers in the area of mobile privacy. Last year, she forged a deal with major platforms in which they agreed that California’s privacy law applied to mobile apps. Then, after sending an estimated 100 warning letters to companies she alleged were in violation of the law by failing to post a privacy policy, Harris filed her first lawsuit under the Act against Delta Airlines. However, industry groups are pushing back against Harris’ latest endeavor. As Stu Ingis, government affairs and privacy counsel to the DMA, told Advertising Age, “Consumers aren’t clamoring for some special notice” and that “It’s amazing that with all the innovation that’s occurring, a small section of people continue to look for forums that in reality would produce a result that would be bad for the consumer experience.”

FTC Settles First FCRA Suit Involving Mobile Apps

A mobile app maker violated the Fair Credit Reporting Act (FCRA) by claiming that users of its apps could gain access to hundreds of thousands of criminal records without following other requirements of the statute, according to the Federal Trade Commission.

The agency brought charges against Filiquarian Publishing, Choice Level LLC (a related company that provided the criminal records accessed via Filiquarian’s apps), and Joshua Linsk, the CEO of the companies, for failing to ensure that the information they sold was accurate and would be used only for legally permissible purposes as required by the FCRA.

Pursuant to the FCRA, credit reporting agencies (companies that supply reports for credit, employment, housing, and insurance applications) must take reasonable steps to ensure the accuracy of their reports and provide consumers with the right to challenge information contained therein. In addition, companies cannot provide data unless the recipient intends to use it for a “permissible purpose” under the Act, such as decisions relating to credit, employment, and housing applications.

The FTC complaint alleged that defendants failed to meet these statutory requirements despite the fact that they acted as CRAs under the Act.

The agency alleged that Filiquarian told consumers to use its mobile apps to access “hundreds of thousands of criminal records” and conduct searches on potential employees. Marketing for the apps included statements such as “Are you hiring somebody and wanting to quickly find out if they have a record? Then Texas Criminal Record Search is the perfect application for you.”

For 99 cents, users could conduct an unlimited number of searches for criminal records within a particular state or county. Between 2010 and last May, approximately 7,000 copies of Filiquarian’s apps were sold on iTunes and GooglePlay.

The defendants “regularly” provided those purchasers with reports without checking them for accuracy and failed to ascertain whether app users had a permissible purpose under the FCRA, the FTC said.

The defendants also failed to inform users of the apps that they are required under law to notify individuals if an adverse action was taken against them based on information in a report.

Although Filiquarian posted disclaimers that it was not FCRA compliant, that its products should not be considered screening products for employment, insurance, and credit screening, and that anyone who used their reports assumed sole responsibility for FCRA compliance, the agency said these disclaimers were insufficient to overcome the express representations in its advertisements that the reports could be used for employment purposes.

Under the terms of the consent order, the defendants are barred from providing reports to anyone they do not have reason to believe has a “permissible purpose” to use the report. In addition, the companies will provide report purchasers with information about their obligations under the FCRA and will take reasonable steps to ensure the “maximum possible accuracy” of the information in the reports.

Why it matters: The case underscores the agency’s attention to potential violations of the FCRA, particularly in the context of mobile apps. Last year, the FTC sent warning letters to six marketers of background check mobile applications, in which they cautioned compliance with the FCRA if their reports were being used for employment or other FCRA purposes. This settlement also illustrates that the agency will not hesitate to find that companies act as CRAs and violate the FCRA based on their actions, even where they expressly deny that they are a CRA or FCRA compliant.

Sony Settles Suit with Actor from PlayStation Ads

Sony recently reached an agreement with an actor who promoted its PlayStation console in dozens of television commercials over a three-year period, and then appeared in an ad touting a rival product.

Sony hired actor Jerry Lambert in 2009 to appear in a series of ads for PlayStation as the character “Kevin Butler,” a fictional vice president of Sony Entertainment who promoted Sony PlayStation video games and related products in commercials, Twitter and many Facebook postings. As a result, Lambert’s character became well-known among video game consumers.

But last year, Lambert appeared in a commercial for Bridgestone tires. The problem? Bridgestone was running a promotion offering a Nintendo Wii game console to customers who purchased a set of tires from the company, and Lambert was featured playing Wii video games in the ad.

“With the intent of unfairly capitalizing on the consumer goodwill generated by ‘Kevin Butler,’ Bridgestone has used and is using the same or confusingly similar character, played by the same actor, to advertise its products or services in the commercial,” Sony alleged in its suit against the tire retailer and Lambert’s production company, Wildcat Creek.

Sony argued that Bridgestone’s use of the Kevin Butler character constitutes a false designation of origin and false and misleading description of fact, likely to cause confusion, mistake or deceive in violation of the Lanham Act. Sony also argued that Lambert violated the terms of his contract, which provided for exclusivity, and Bridgestone tortiously interfered with that contractual relationship.

To end part of the dispute, Sony and Lambert reached an agreement. Lambert stipulated to the fact that the “Kevin Butler” character “achieved widespread fame and consumer recognition” and that “many consumers” identified the character Lambert portrayed in the Bridgestone commercial as Kevin Butler.

Accordingly, the agreement enjoins Lambert from appearing “in any advertisement, commercial, promotion, or co-promotion, in any media, that features, includes, or mentions any other video game or computer entertainment system or video game company” for a period of two years. Sony will forever retain the rights to the “Kevin Butler” character, and Lambert cannot portray him without permission.

The agreement also allows Lambert to perform in video game or computer entertainment commercials after two years, but for the first two years thereafter, he must provide Sony with ten days’ notice prior to performing in such an ad, as well as “sufficient information” so that Sony can assess whether Lambert’s intended performance violates its rights in the Kevin Butler character.

The stipulated injunction was entered as an order by the court on January 10, 2013. Pursuant to its terms, any violation of the order would cause “irreparable harm” to Sony, and the company would be entitled to immediate relief, including monetary, injunctive, and equitable relief.

To read the stipulated injunction order between Sony and Wildcat Creek, click here.

Why it matters: Lambert may have settled his suit, but Sony and Bridgestone have yet to reach an agreement. In response to the complaint, Bridgestone filed a motion to dismiss, arguing that Lambert played a different character in its commercial – a tire engineer – and not “Kevin Butler,” a Sony employee. The suit poses a unique legal question: does the appearance of an actor so widely known as an established character in an ad for another company create consumer confusion in violation of trademark law?

Court: Twitter Terms Not a Defense to Copyright Liability

A U.S. District Court judge for the Southern District of New York has ruled that the French wire service Agence France Presse (AFP), Getty images, and The Washington Post infringed the copyright of a photographer by using pictures he took in the aftermath of an earthquake in Haiti and posted on Twitter.

The case stems from photos that the photojournalist Daniel Morel posted to his Twitter account through a TwitPic account. AFP shared the images with Getty, and The Post acquired them independently.

Morel attempted to correct the attribution of the photos (some were credited to another person) and to halt their distribution by third parties. After receiving cease-and-desist letters from Morel’s attorney, AFP filed a declaratory relief action in which it argued that it had not infringed Morel’s copyrights. In response, Morel filed counterclaims, adding Getty and The Post as parties, in which it alleged that the news services willfully infringed his copyrights. Specifically, he claimed the defendants violated his exclusive rights of reproduction, public display, and distribution.

The defendants did not dispute Morel’s copyright in the photos, but relied upon a novel affirmative defense to Morel’s allegations of copyright infringement, namely, that by posting the photos on Twitter, Morel granted them a license.

The terms of service for TwitPic, which Morel used to upload his photos, state that “By uploading your photos to TwitPic you give TwitPic permission to use or distribute your photos on TwitPic.com or affiliated sites.” The terms also provide that respective owners have the copyright to all images. Similarly, Twitter’s terms provide that users “grant us a worldwide, non-exclusive, royalty-free license” and that users retain their rights in the content they submit.

AFP argued that it was a third-party beneficiary to the Twitter terms and, therefore, insulated from liability. However, U.S. District Court Judge Alison J. Nathan found that AFP’s argument had a “fatal flaw”: the company “fails to recognize that even if some re-uses of content posted on Twitter may be permissible, this does not necessarily require a general license to use this content as AFP has.” The court further noted that AFP wholly ignored those portions of the Twitter terms that were directly contrary to its position, particularly those that granted users the rights to retain their content. These statements would have no meaning if Twitter allowed third parties to remove the content from Twitter and license it to others without the consent of the copyright holder, the court said.

The language of Twitter’s terms of service “as a whole” demonstrates that no such license was intended, Judge Nathan concluded. “A license for one use does not equate to a license for all uses.”

Judge Nathan granted summary judgment to Morel and found the defendants AFP and The Post liable for direct copyright infringement.

However, turning to the issue of damages, Judge Nathan refused to grant Morel’s motion for summary judgment, as there were genuine issues of fact as to whether the defendants had acted willfully. The parties’ motions for summary judgment on the issues of vicarious and contributory liability were also denied.

With respect to the damages issues, the court rejected Morel’s argument that he was entitled to a statutory award in the tens or hundreds of millions of dollars, because AFP and Getty were jointly and severally liable for a separate award of statutory damages for each distinct subscriber to their services that ran the photos. The intent of the Copyright Act is “to constrain the award of statutory damages to a single award per work, rather than allowing a multiplication of damages based on the number of infringements,” Judge Nathan wrote, adding that Morel’s proposed interpretation “would lead to absurd results.” Accordingly, the scope of damages remains to be determined.

To read the court’s order in Agence France Presse v. Morel, click here.

Why it matters: Twitter users can breathe a sigh of relief following Judge Nathan’s decision, which recognizes users’ rights to their posted content. However, this may be a narrow ruling, as Nathan noted that an open question remains as to whether a copyright violation occurs where a third party retweets content posted on Twitter. The issue will likely play out in the near future, as the practice of retweeting increases in popularity for both individuals and companies.

Noted and Quoted . . . Roth and Mayer Provide Best Practices for Protecting Brand Reputation in Social Media

In the race to test new technologies and execute social media strategies to reach consumers, companies may discover that they lack an understanding of the risks involved with such initiatives. In addition to the legal risks that can be implicated, brands also need to be sensitive to the reputational issues that might be raised by these campaigns. In an article published by Bloomberg BNA’s Social Media Law & Policy Report on January 15, 2013, Manatt partner Marc Roth and associate Stacey Mayer outline the most pressing issues that should be considered when launching a social media campaign: (1) endorsements; (2) reuse of social media content; (3) privacy; and (4) social media in the workplace.

Roth and Mayer caution brands that “as new technologies, such as facial recognition and geolocation capabilities, develop and become as ubiquitous as sending a text message, companies will need to understand the implications they present, as well as the laws that may apply, in order to avoid liability and maintain a trusting relationship with their customers and employees.”

ACI Women Leaders in Advertising and Marketing
October 22-23, 2015Topic/Speaker: Breaking Through the Glass Ceiling and Keeping It Broken: Increasing the Prominence of Women in Leadership Positions in Advertising LawLinda Goldstein
New York, NYFor more information

Awards

Named 2015 "Law Firm of the Year" for Advertising Law

Recognized for Excellence in the areas of Advertising, Marketing and Media